Oracle JDK and JRE contain an unspecified flaw in the 2D subcomponent that may allow a context-dependent attacker to potentially execute arbitrary code. No further details have been provided by Oracle.